package xiaoqianlang.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import xiaoqianlang.filter.JwtTokenFilter;

/**
 * @Author：xiaoqianlang
 * @Package：xiaoqianlang.config
 * @Project：PasswordManage
 * @name：SecurityConfig
 * @Date：2025/4/3/周四 17:12
 * @Filename：SecurityConfig
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    private final String secretKey = "xiaoqianlang&yanglan&blue&alwaysblue"; // 替换为实际的密钥
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()// 如果不需要 CSRF 防护，可以禁用
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/api/auth/register", "/api/auth/login","/api/auth/info/","api/auth/info/*").permitAll() // 放行注册和登录接口
                        .anyRequest().authenticated() // 其他接口需要认证
                )
                .addFilterBefore(new JwtTokenFilter(secretKey), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }


}
//,"api/auth/info/*"